Recently there have been discussions of several vulnerabilities in MySQL and closely related projects such as MariaDB and Percona Server. Usually we have inherited security fixes from MySQL when we have updated Percona Server to be based on a new Oracle MySQL release. In this case, however, Oracle has been incredibly quiet.
We’ve been examining how these vulnerabilities affect current Percona Server versions and will shortly be making security releases and more information available (we wish to ensure that what we say is correct with regard to Percona Server).
As often seems to be the case, we already had a release in the pipeline – Percona Server 5.5.28-29.2, which contains many bug fixes that affect users (see our release notes). We are still going to release 5.5.28-29.2, and shortly afterwards we’ll make 5.5.28-29.3 available with just security fixes.
For more information, see:
- Full Disclosure mailing list threads
- Open Query blog post on MariaDB updates
- Sergei Golubchik (long-time MySQL developer, current MariaDB developer) responds on the oss-sec list